As the U.S. invests billions of dollars to convert from paper-based medical records to electronic ones, has the time come to offer everyone a unique health-care identification number?

Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. They say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. UPIs, they say, would both improve care and lower costs.

Privacy activists aren't buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health-care ID system would only encourage more of the same. The result, they say, will be more patients losing trust in the system and hiding things from their doctors, resulting in a deterioration in care. They agree that it's crucial to move medical records into the digital age. But they say it can be done without resorting to universal health IDs.

Yes: It Means Better Care
By Michael F. Collins
The U.S. health-care industry has an identity crisis.

Lacking an easy, uniform way to identify patients and link them to their health data, doctors, hospitals, pharmacies, insurance plans and others throughout health care have created a sea of unrelated patient-identity numbers that are bogging down our medical-records system.

Indeed, in an age when it's possible to pay for a cup of coffee using a cellphone, transferring a single patient's medical data from one health provider to another is often a struggle, sometimes resulting in treatment delays and even needless medical errors.

That is why, as the nation invests billions of dollars to convert from paper-based medical records to an electronic system, the time has come to offer everyone a universal patient identifier, or UPI.

A UPI system, using one number that seamlessly connects a person to all of his or her records, could be the safest and most efficient way to manage health-care data. It would guard against misidentification and make it much easier to pull together a patient's records from disparate providers. Using today's best technologies and practices, UPIs could help dramatically improve the quality of health care, lower costs, accelerate medical discovery and better preserve privacy.

That last point is by far the most contentious. It was privacy advocates who stopped the move toward UPIs more than a decade ago, leading to a ban on the use of federal funds just to study this approach. Enough has changed that UPIs deserve another look.

Cases of Mistaken Identity
In the 2010 federal health-care law, substantial resources are dedicated to promoting technology in medicine. We are investing billions of dollars to convert from paper to electronic health records, and to connect health-information hubs across the nation.

UPIs could make such systems more efficient. Currently, health-care providers and administrators struggle daily to match patients to records organized by disparate systems that rely on names, addresses, birth dates and sometimes Social Security numbers. Names can be presented in numerous formats, leading to duplicative records that cost money and lead to errors. As our population grows, the number of people with the same name and other similar personal data multiplies. Research cited by RAND Corp. indicates patients are misidentified at a rate of about 7% to more than 10% during record searches. As databases grow, the problem will only worsen. UPIs can correct this situation.

What about data security? It is difficult—especially without being able to study UPIs—to know what the safest approach is. Admittedly, no IT system is immune to breaches.

That said, patients with UPIs hold a distinct and important advantage in that their medical information is compiled and stored according to that unique identifier, separate from financial data typically coveted by thieves. UPIs can even be set up so that patients could choose to have no identifying data in their record, making it completely anonymous. UPIs can be created with built-in checks against typing errors and counterfeiting, and if a UPI is compromised, patients can "retire" it and obtain a new one. Without a UPI, one can only regain medical privacy by changing one's identity, not dissimilar from participation in a witness-protection program!

Could the UPI be co-opted, the way the Social Security number has been, and used for other things? That's something we must guard against. By establishing a system where patients request the number through their doctor's office, and from a third party, not the government, we can help keep the UPI associated with medical data only.

Gaining Patients' Trust
Critics contend that UPIs will only make it easier for companies and others to use medical data for commercial purposes. To protect against this, they say, we need a system where physicians have to ask patients for permission to access their information. Because there has been so little study of UPIs, it's difficult to say whether those fears are valid. But having patients decide which doctor gets which data is the wrong choice. Doctors need full access to all of a patient's data, so they can deliver the appropriate care. That is the essence of the doctor-patient covenant. Furthermore, in critical-care situations, the patient might be unconscious and, therefore, unable to grant access to essential health information.

While narrowing access isn't optimal for patient care, new UPI technology does make it possible. For example, one type of UPI could be used for patients who want all of their physicians to have broad access to their medical data, while another would indicate the patient must first authorize access. Patients get to choose.

Even with all these protections, not every person will trust the system. Studies show that many people already refuse testing and treatment because they are worried it could be used to discriminate against them. UPI critics say a universal health-care ID system will only undermine trust further, but I would argue the opposite is true. Problems related to misidentifying patients and accessing their health information in a timely manner have eroded trust in the current low-tech system, which is why we need a new approach. Building an efficient records system that is more secure and offers better coordinated care can only enhance trust between patients and providers.

Congress should lift the ban on federal funding for UPI research, and we should better inform patients about the benefits of UPIs. No one wants medical data to fall into the wrong hands, but neither do we want patients to suffer because their medical information cannot be accessed.

Dr. Collins, a board-certified physician in internal medicine, is chancellor of the University of Massachusetts Medical School in Worcester, Mass. He can be reached at reports@wsj.com.

No: Privacy Would Suffer
By Deborah C. Peel

Doctors and patients need to find a better way to collect and share personal medical records from the innumerable places health data are collected and stored. But linking people to their health data via a unique identifying number isn't the answer.

Yes, assigning everyone a universal patient identifier, or UPI, would improve doctors' ability to share information and make it easier for hospitals to differentiate one John Smith from another. But a universal health ID system would empower government and corporations to exploit the single biggest flaw in health-care technology today: Patients can't control who sees, uses and sells their sensitive health data.

Searching for sensitive patient information would take just one number, not dozens of account numbers at professional offices, hospitals, pharmacies, labs, treatment facilities, government agencies and health plans. UPIs would make it vastly easier for government, corporations and others to use the nation's health information for their own gain without patients even knowing it.

What's more, any benefits associated with UPIs would be erased when patients, knowing their doctors have no control over where health-care data go, refuse to share sensitive information about their minds and bodies. This is a very real issue: Without privacy, patients won't trust doctors. In 2005, a California Healthcare Foundation survey found that due to the lack of privacy, one in eight patients lies, omits critical details, refuses tests or otherwise keeps sensitive health information private. Six hundred thousand people per year avoid early diagnosis for cancer alone.

Invitation to Snoop
We are in the midst of an unprecedented data-privacy crisis. Changes to federal regulations in 2002 eliminated patient control over who sees personal health information and led to explosive growth in the data-mining industry. Pharmacies, health-care IT vendors, insurers and others routinely sell and commercialize prescription records, genetic tests, hospital and office records, and claims data to drug companies and any willing purchasers. Even with names and key identifiers stripped off, it's simple to reidentify patients. Under the guise of improving health, lowering costs or promoting innovation, even government agencies sell and give away large databases of patient records.

Universal health-care IDs would only exacerbate such practices.

Further, UPIs would encourage the government and corporations to build massive, centralized databases of health information, rich targets for data theft and abuse. UPIs would become a de facto universal identification system far more harmful than Social Security numbers, enabling millions of government and corporate workers to snoop into anyone's medical records.

But concerns about health IDs go much deeper. UPIs exacerbate the commoditization of patients by encouraging the perspective that government agencies and corporations have superior rights to decide and control core aspects of who we are. A unique ID system is like giving master keys to millions who work in health care—they no longer need to ask patients to see records.

In the end, cutting out the patient will mean the erosion of patient trust. And the less we trust the system, the more patients will put health and life at risk to protect their privacy.

Such an obvious outcome makes a mockery of claims that UPIs would "reduce errors" and improve "patient safety." Similarly, claims that UPIs will be kept separate from personal and financial IDs are wishful thinking. All health records have financial records attached. But more important, history shows that universal IDs are always used in unintended ways. Social Security numbers were to be used only for payroll taxes, but morphed into universal IDs for health and commerce. UPIs will share the same fate.

Patients in Control
If a single ID number isn't the answer, what is? The best way to share sensitive health information is to build electronic-records systems where patients are in control of their own medical records, not government and industry. Health professionals should seek permission to see personal data, but only patients should release or link it. This is how it works with paper records systems, and there's no reason we should be less concerned about privacy in the digital age.

Existing technologies can allow patients to set default rules to govern data exchanges electronically, such as: "In emergencies, treating physicians may access my entire medical record" or "Anytime I receive health treatment, send copies to my family doctor." Consent rules can be changed instantly online, and sensitive information can be selectively withheld at the patient's discretion.

Unique patient IDs are unnecessary for this system. Much like using online banking to pay bills, patients can use online health systems to send encrypted information from medical accounts to whomever they choose.

Decentralized systems with smaller data sets protect privacy because if any account is broken into, only some information is compromised. More important, they require mediation by the patient. Imagine a universal ID system for all financial transactions where all retailers had our IDs. Commercial transactions would be more efficient if retailers could see and debit our accounts without consent. But it would be unacceptable—and it should also be unacceptable for others to use your health records without permission.

I agree that we need to transform the health-IT system so health professionals and researchers can electronically tap into complete and accurate health information. But any such technology should allow professionals to treat patients as individuals whose needs come first. That won't happen if we create an electronic medical-record system that no one trusts.

Dr. Peel, a psychiatrist and health-privacy expert in Austin, Texas, is the founder of Patient Privacy Rights and leader of the bipartisan Coalition for Patient Privacy. She can be reached at reports@wsj.com.